<?php
/*********************************************
  CPG Dragonfly™ CMS
  ********************************************
  Copyright © 2004 - 2009 by CPG-Nuke Dev Team
  http://dragonflycms.org

  Dragonfly is released under the terms and conditions
  of the GNU GPL version 2 or any later version
**********************************************/
if (!defined('ADMIN_PAGES')) { exit; }

if ($CPG_SESS['admin']['page'] != 'users') {
	cpg_error(_ERROR_BAD_LINK, _SEC_ERROR);
}

$wait = $_POST['wait'];
if (empty($wait) || empty($_POST['waiting_users'])) {
	cpg_error(sprintf(_ERROR_NOT_SET, 'Member'), _SEC_ERROR);
}

$members = $_POST['waiting_users'];
if (is_array($members)) {
	$members = implode(',', $_POST['waiting_users']);
}

if ($wait == 'approve')
{
	Dragonfly_Page::setTitle('. '._BC_DELIM.' '._APPROVEUSER);
	$TPL = Dragonfly::getKernel()->OUT;
	$TPL->waiting_ids   = $members;
	$TPL->waiting_users = $db->query("SELECT username AS nickname FROM {$db->TBL->users_temp} WHERE user_id IN ({$members})");
	$TPL->display('admin/users/wait_approve');
}
else if ($wait == 'approveConf')
{
	exit('TODO: fix creation of account');
	$result = $db->query("SELECT * FROM {$db->TBL->users_temp} WHERE user_id IN ({$members})");
	while ($newuser = $result->fetch_assoc()) {
		$message = _SORRYTO.' '.$MAIN_CFG->global->sitename.' '._HASAPPROVE;
		send_mail($dummy, $message,0,_ACCTAPPROVE,$newuser['user_email']);
		$fields = '';
		$values = '';
		foreach($newuser AS $field => $value) {
			if ($field != 'user_id' && $field != 'check_num' && $field != 'time' && !is_numeric($field)) {
				$fields .= $field.', ';
				$values .= '"'.Fix_Quotes($value).'", ';
			}
		}
		$db->query("INSERT INTO {$db->TBL->users} ({$fields}user_level, user_avatar) VALUES ({$values}1, '{$MAIN_CFG->avatar->default}')");
	}
	$db->query("DELETE FROM {$db->TBL->users_temp} WHERE user_id IN ({$members})");
	URL::redirect(URL::admin('users'));
}

else if ($wait == 'deny')
{
	Dragonfly_Page::setTitle('. '._BC_DELIM.' '._DENYUSER);
	$TPL = Dragonfly::getKernel()->OUT;
	$TPL->waiting_ids   = $members;
	$TPL->waiting_users = $db->query("SELECT username AS nickname FROM {$db->TBL->users_temp} WHERE user_id IN ({$members})");
	$TPL->display('admin/users/wait_deny');
}
else if ($wait == 'denyConf')
{
	$result = $db->query("SELECT user_email FROM {$db->TBL->users_temp} WHERE user_id IN ({$members})");
	while ($newuser = $result->fetch_row()) {
		$message = isset($_POST['denyreason']) ? "\n\n"._DENYREASON."\n".$_POST['denyreason'] : '';
		send_mail($dummy, _SORRYTO.' '.$MAIN_CFG->global->sitename.' '._HASDENY.$message, 0, _ACCTDENY, $newuser[0]);
	}
	$db->query("DELETE FROM {$db->TBL->users_temp} WHERE user_id IN ({$members})");
	URL::redirect(URL::admin('users'));
}

else if ($wait == 'resendMail')
{
	Dragonfly_Page::setTitle('. '._BC_DELIM.' '._RESENDMAIL);
	$TPL = Dragonfly::getKernel()->OUT;
	$TPL->waiting_ids   = $members;
	$TPL->waiting_users = $db->query("SELECT username AS nickname FROM {$db->TBL->users_temp} WHERE user_id IN ({$members})");
	$TPL->display('admin/users/wait_resend');
}
else if ($wait == 'resendMailConf')
{
	$result = $db->query("SELECT user_id, user_email, check_num FROM {$db->TBL->users_temp} WHERE user_id IN ({$members})");
	while ($row = $result->fetch_assoc()) {
		$finishlink = URL::index("Your_Account&file=register&activate=$row[user_id]&check_num=$row[check_num]", true, true);
		$message = _WELCOMETO.' '.$MAIN_CFG->global->sitename."!\n\n"._YOUUSEDEMAIL.' '.$row['user_email'].' '._TOREGISTER.' '.$MAIN_CFG->global->sitename.".\n\n "._TOFINISHUSER."\n\n ".$finishlink;
		send_mail($dummy, $message, 0, _ACTIVATIONSUB, $row['user_email']);
		$db->query("UPDATE {$db->TBL->users_temp} SET time='".time()."' WHERE user_id='$row[user_id]'");
	}
	URL::redirect(URL::admin('users'));
}

else if ($wait == 'modify')
{
	Dragonfly_Page::setTitle('. '._BC_DELIM.' '._MODIFYINFO);
	$TPL = Dragonfly::getKernel()->OUT;

	$TPL->user_info = $db->uFetchAssoc("SELECT * FROM {$db->TBL->users_temp} WHERE user_id=".intval($_POST['waiting_users'][0]));

	// Add the additional fields to add user form if activated
	$fields = array();
	$result = $db->query("SELECT * FROM {$db->TBL->users_fields} WHERE visible > 0 ORDER BY section, fid");
	if ($result->num_rows > 0) {
		while ($row = $result->fetch_assoc())
		{
			if ($row['type'] == 7 && !$MAIN_CFG->member->allowusertheme) continue;
			if ($row['field'] == 'name') $row['field'] = 'realname';

			$info = $row['langdef'];
			if (defined($info)) $info = constant($info);
			$info .= ($row['visible'] == 2) ? ': *' : ':';

			$field = array(
				'info' => $info,
				'msg'  => defined($row['langdef']."MSG") ? constant($row['langdef']."MSG") : null,
				'data' => ''
			);

			if ($row['type'] == 0)
			{
				$field['data'] = '<input type="text" name="'.$row['field'].'" maxlength="'.$row['size'].'" value="'.$userinfo[$row['field']].'"/>';
			}
			else if ($row['type'] == 1)
			{
				$sel = ($userinfo[$row['field']]) ? array(' checked="checked"', '') : array('', ' checked="checked"');
				$field['data'] = '<input type="radio" name="'.$row['field'].'" value="1"'.$sel[0].' /><span class="gen">'._YES.'</span>&nbsp;&nbsp;
					<input type="radio" name="'.$row['field'].'" value="0"'.$sel[1].' /><span class="gen">'._NO.'</span>';
			}
			else if ($row['type'] == 2)
			{
				$field['data'] = '<textarea name="'.$row['field'].'" style="width: 300px" rows="6" cols="30" class="post">'.$userinfo[$row['field']].'</textarea>';
			}
			else if ($row['type'] == 3)
			{
				$ctz = $userinfo[$row['field']];
				$field['data'] = '<select name="'.$row['field'].'">';
				foreach (timezone_identifiers_list() as $tz) {
					$field['data'] .= '<option value="'.$tz.'"'.(($ctz == $tz) ? ' selected="selected"' : '').'>'.$tz.'</option>';
				}
				$field['data'] .= '</select>';
			}
			else if ($row['type'] == 4)
			{
				$field['data'] = '<input type="text" name="'.$row['field'].'" value="'.$userinfo[$row['field']].'" class="post" style="width: 100px" size="15" maxlength="'.$row['size'].'" />';
			}
			else if ($row['type'] == 5)
			{
				$sel = ($userinfo[$row['field']] == 'm') ? array(' checked="checked"', '') : array('', ' checked="checked"');
				$field['data'] = '<input type="radio" name="'.$row['field'].'" value="m"'.$sel[0].' /><span class="gen">'._MALE.'</span>&nbsp;&nbsp;
					<input type="radio" name="'.$row['field'].'" value="f"'.$sel[1].' /><span class="gen">'._FEMALE.'</span>';
			}
			else if ($row['type'] == 6)
			{
				$field['data'] = '<input type="text" name="'.$row['field'].'" value="'.date_short($userinfo[$row['field']]).'" class="post" style="width: 100px" size="15" maxlength="10" /> 10/24/1980';
			}
			else if ($row['type'] == 7)
			{
				$field['data'] = '<select name="'.$row['field'].'">';
				foreach (cpg_template::getThemes() as $theme) {
					$field['data'] .= "<option value=\"{$theme}\" ";
					if ((($userinfo['theme']=="") && ($theme==$MAIN_CFG->global->Default_Theme)) || ($userinfo['theme']==$theme)) {
						$field['data'] .= 'selected="selected"';
					}
					$field['data'] .= ">{$theme}</option>\n";
				}
				$field['data'] .= '</select>';
			}
			$fields[] = $field;
		}
	}
	$TPL->userinfo_fields = $fields;
	$TPL->display('admin/users/wait_modify');
}
else if ($wait == 'modifyConf')
{
	$fieldlist = '';
	$result = $db->query("SELECT * FROM {$db->TBL->users_fields} WHERE visible > 0");
	while ($row = $result->fetch_assoc()) {
		$var = ($row['field'] == 'name')?'realname':$row['field'];
		$info = $row['langdef'];
		if ($info[0] == '_' && defined($info)) $info = constant($info);
		if (empty($_POST[$var]) && $row['visible'] == 2) {
			cpg_error('Required field "'.$info.'" can\'t be empty');
		} else {
			$val = Fix_Quotes($_POST[$var], 1);
			if (strlen($val) > 0) {
				if ($row['type'] == 1 || $row['type'] == 4) $val = intval($val);
				else $val = substr($val,0,$row['size']);
				$fieldlist .= ", ".$row['field']."='$val'";
			}
		}
	}
	$db->query("UPDATE {$db->TBL->users_temp} SET user_email='{$_POST['email']}', time='".time()."'{$fieldlist} WHERE user_id=".intval($_POST['waiting_users']));
	URL::redirect(URL::admin('users'));
}
